cbfs: Check for ptr range sanity.
Triaged by Andrei and enhanced with suggestions by Aaron Durbin Also-By: Andrei Borzenkov <arvidjaar@gmail.com>
This commit is contained in:
Vladimir Serbinenko
parent
a39137aefe
commit
855fe6869c
1 changed files with 9 additions and 1 deletions
|
|
@ -344,8 +344,16 @@ init_cbfsdisk (void)
|
|||
|
||||
ptr = *(grub_uint32_t *) 0xfffffffc;
|
||||
head = (struct cbfs_header *) (grub_addr_t) ptr;
|
||||
grub_dprintf ("cbfs", "head=%p\n", head);
|
||||
|
||||
if (!validate_head (head))
|
||||
/* coreboot current supports only ROMs <= 16 MiB. Bigger ROMs will
|
||||
have problems as RCBA is 18 MiB below end of 32-bit typically,
|
||||
so either memory map would have to be rearranged or we'd need to support
|
||||
reading ROMs through controller directly.
|
||||
*/
|
||||
if (ptr < 0xff000000
|
||||
|| 0xffffffff - ptr < sizeof (*head) + 0x10
|
||||
|| !validate_head (head))
|
||||
return;
|
||||
|
||||
cbfsdisk_size = ALIGN_UP (grub_be_to_cpu32 (head->romsize),
|
||||
|
|
|
|||
Loading…
Reference in a new issue